Skip to main content
You are the owner of this article.
You have permission to edit this article.
Mercy: 1,900 North Iowans at risk from potential data breach
breaking featured

Mercy: 1,900 North Iowans at risk from potential data breach

From the North Iowa's 82 most popular stories in 2018: North Iowa series
Mercy Medical Center-North Iowa

Mercy Medical Center-North Iowa photographed from the Mercy Air-Med helicopter.

MASON CITY | Mercy Medical Center--North Iowa has notified about 1,900 individuals of a potential data breach involving their health records and personal information. 

In notification letters mailed to affected individuals and their families Nov. 26, patients were told their protected health information may have been “inappropriately accessed by an employee between July 2017 and July 2018,” Mercy said in a statement released Monday afternoon. 

“We deeply regret this event and apologize to you for this individual’s actions. Inappropriate access to (electronic health records) is contrary to Mercy Medical Center–North Iowa’s policies and inconsistent with the high expectations we place on our colleagues,” privacy officer Kurt Harle said in the letter.

Insufficient funds: Mason City mall owner's tax checks bounce

Mercy said the letter was prompted by a recent internal investigation that determined an employee accessed information including birth dates, addresses, medication listings and insurance information, but couldn't confirm all the records accessed were viewed for “appropriate job-related purposes.”

Support Local Journalism

Your membership makes our reporting possible.

The employee, who was not named, is no longer employed by Mercy. 

Mercy mailed the notification to individuals whose records may have been accessed inappropriately — or alternatively, to their next of kin or personal representatives — at their current or last-known home addresses.

Mercy is offering free identity-theft services to affected individuals for one year. 

North Iowa owner of Samoyeds seized by ASPCA wants to keep some dogs, documents say

“Mercy--North Iowa takes very seriously the responsibility to safeguard the protected health information of patients and apologizes for any concern or inconvenience this situation may cause,” the statement said.

To help prevent future incidents, Mercy said its compliance team is reviewing privacy practices and reinforcing education for all staff members. It’s also working with the Department of Health and Human Services – Office for Civil Rights and law enforcement.

People with questions or concerns about the incident are encouraged to call 641-428-7000. The call center is strictly confidential and representatives are available 8 a.m. to 5 p.m. Monday through Friday.

Reach Reporter Ashley Stewart at 641-421-0533. Follow her on Twitter at GGastewart.


Get local news delivered to your inbox!

* I understand and agree that registration on or use of this site constitutes agreement to its user agreement and privacy policy.

Related to this story

Most Popular

Get up-to-the-minute news sent straight to your device.


News Alerts

Breaking News